HELP: Win32: TratBHO [Trj] [RESOLVED]

becca_hoo

Posted 08 May 2008 - 03:20 AM

NOTE: I have taken the first several steps as told to, but my problem persists even though it can no longer be detected! Please scroll down to my most recent post in this thread for updated logs. I need help and would appreciate any assistance I can get!

-----------------------------------------------------

Dear Rorschach112 and other experts,

You will receive a prompt asking if you want to remove the files, click YES

Once you click yes, your desktop will go blank as it starts removing Vundo.

When completed, it will prompt that it will reboot your computer, click OK.

Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.

Click the red Moveit! button.

A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.

Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Step 3. Deckards' System Scanner

Close all other windows before proceeding.

Double-click on dss.exe and follow the prompts.

When it has finished, dss will open two Notepads main.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt in your next reply.

In your next reply

Please post the log from vundofix.

Please post the log from OTMoveIt2.

Please post Main.txt from Deckards' System Scanner.

becca_hoo

Posted 08 May 2008 - 07:39 PM

The reason for my triple post is because my computer is going through worse problems! Help!

I have carried out the first steps and that is to remove the JAVA applications + P2P programs. As told, I restarted my computer and when I did, my computer would never fully load up.

As soon as Windows would load, the CPU usage drops down to 0%~4% and no other programs are able to start up.

What I did next was to Ctrl+Alt+Del; I ran HijackThis using the Run command and hit "FIX THIS" after selecting some suspicious-looking files (at my own discretion, having a little insight as to what files Rorschach112 told his clients to remove).

I then restarted my computer. Things seem to work okay now BUT I am not able to use web explorers (except to check Hotmail).

I am now using a public computer to access Geeks To Go. I don't know where to go from here with my computer, which is now rendered useless.

becca_hoo

Posted 09 May 2008 - 05:05 AM

Hi experts, I am currently on my sister's computer now because mine does not allow me to visit certain websites (hard to say which ones, though I am very limited! I can't even use Google or load geekstogo.com).

CURRENT SITUATION: I no longer receive trojan detected warnings. Instead I have issues with my web browser (it loads certain pages quickly and normally (bookmarked) OR it will take forever to load a page (not bookmarked pages) OR it just won't load). I also get this strange clicking sound every 15-30 minutes and I don't know where it's coming from.

Mike

Posted 09 May 2008 - 01:06 PM

Hi again becca hoo,

First off, relax! Although it may be a bit overwhelming, there is no reason to worry about it; I will do my best to get your computer clean. Now, it seems you are trying to fix things on your own; this is very dangerous! A lot of things that Hijack This and these other programs show are legitimate items that are needed for your computer to run properly, so please refrain from running ANY tools other than what I ask you to run.

Now let's get back to cleaning your computer. If you have trouble downloading any of the tools, please use your sister's, or any other available computer, to download it and transfer it to your computer via a portable storage device such as a USB pen drive.

becca_hoo

Posted 09 May 2008 - 05:20 PM

becca_hoo

Posted 09 May 2008 - 06:00 PM

I found a working link from the same website you gave me - with that, I followed your instructions and have produced the following:

COMBO FIX LOG

ComboFix 08-05-08.1 - Rebecca 2008-05-10 9:32:09.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.628 [GMT 10:00]

Running from: C:\Documents and Settings\Rebecca\desktop\ComboFix.exe

Command switches used :: /KillAll

 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.

Mike

Posted 10 May 2008 - 07:17 AM

Hi Becca hoo,

It's looking much better.

I noticed that you installed Sophos AntiVirus. While this is fine, you now have two antiviruses installed on your computer. This can cause a lot of problems, including slow performance and lowered security due to both programs running at the same time. Because of this I recommend you uninstall one of these programs, either Avast! or Sophos.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Quick Scan", then click Scan.

The scan may take some time to finish, so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3. Running an Online Scan

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only.

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

In the new window that opens, click the "Accept" button to accept the user agreement, install the ActiveX control, and download the program.

When you get the Windows dialog asking if you want to install this software, click the "Install" button.

When the "Update progress" line changes to "Ready" and the "NEXT ->" button lights up with a green arrow, click it.

Click on the "Scan Settings" button, and in the next window select the "extended" database, and click Ok.

Under "Please select a target to scan:", click My Computer to start the scan.

When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window, and post the text in kavscan.txt in your next reply.

In your next reply

Please post Combofix.txt.

Please post the log produced by MalwareBytes' Antimalware (step 2).

Please post the log produced by Kaspersky (step 3).

A new Hijack this log after running the above scans.

becca_hoo

Posted 10 May 2008 - 09:03 AM

Is it okay if I don't install Recovery Console? My XP OS CD came together with the laptop and the laptop DVD drive doesn't read it. It might be because my drive is set to region 1 when these discs (which I got in Australia) are set to region 2, and I don't want to switch my drive regions.